From c05908a7f6c1eee4d90d95ad903c4827dffb23b4 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Thu, 27 Feb 2025 15:14:55 +0100 Subject: [PATCH] libartifact: NewArtifactStore() reject relative paths The oci layout code can handle a relative path find but all paths returned by the code then will alos be relative, this can be bad and result in bugs if something ever changes the cwd. The graphroot path we pass should already be always absolute, so just add a sanity check here given libartifact is planned to be moved as sperate lib and we cannot assume anything about the path we will be given there. Signed-off-by: Paul Holzinger --- pkg/libartifact/store/store.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/libartifact/store/store.go b/pkg/libartifact/store/store.go index 7d3cf9e8d4..904912c96d 100644 --- a/pkg/libartifact/store/store.go +++ b/pkg/libartifact/store/store.go @@ -47,6 +47,10 @@ func NewArtifactStore(storePath string, sc *types.SystemContext) (*ArtifactStore if storePath == "" { return nil, errors.New("store path cannot be empty") } + if !filepath.IsAbs(storePath) { + return nil, fmt.Errorf("store path %q must be absolute", storePath) + } + logrus.Debugf("Using artifact store path: %s", storePath) artifactStore := &ArtifactStore{